
fix: restore linux interactive PTY and runtime-dir behavior#84

Merged
jy-tan merged 4 commits into main from linux-interactive-pty
Mar 23, 2026

Conversation

jy-tan (Contributor) commented Mar 23, 2026

Summary

Restore Linux interactive sessions so PTY-launched shells start reliably, keep job control by default, and always get a usable runtime directory. The default Linux PTY path now skips bwrap --new-session, relies on a targeted ioctl(TIOCSTI) seccomp rule, and falls back to a private /tmp/fence-runtime-<uid>-<pid> directory when the inherited runtime dir is not usable inside the sandbox.

Resolves #61.

Changes

  • Stop forcing bwrap --new-session for interactive Linux PTY sessions by default
  • Add forceNewSession config and --force-new-session CLI override so strict session isolation is still available when desired
  • Fix the PTY launch path so interactive shells no longer fail with fork/exec ... operation not permitted
  • Preserve inherited XDG_RUNTIME_DIR and TMPDIR only when they are actually usable in the sandbox; otherwise create a private 0700 runtime dir under /tmp
  • Extend the Linux seccomp filter to block ioctl(TIOCSTI) explicitly using a narrow ioctl-argument rule
  • Add regression coverage for session policy, runtime-dir fallback and preservation, PTY startup, and the strict override path
  • Update docs and regenerate the config schema to document the new Linux session policy

Validation

  • go test ./...
  • Manually verified ./fence -t code -- bash starts without job-control warnings after rebuild
  • Manually verified ./fence -t code --force-new-session -- bash still reproduces the old job-control tradeoff intentionally
  • Manually verified ./fence -t code -c 'echo "XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"; touch "$XDG_RUNTIME_DIR/fence-repro"' uses a private writable runtime dir
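The seccomp rule in the summary targets TIOCSTI, the ioctl that lets a process push bytes into the input queue of its controlling terminal. A sandboxed shell that still shares the user's terminal could use it to feed keystrokes to the parent shell, which is why bwrap's --new-session exists; detaching from the terminal, however, is what costs job control. Denying just that one ioctl request keeps the terminal and job control while closing the injection path. The filter below is an added example, not code from the fence project: it builds a classic-BPF seccomp program with only the Go standard library, denies ioctl requests whose request number is TIOCSTI with EPERM, and lets every other syscall and ioctl request through. Assumptions: the kernel constants are copied from <linux/prctl.h>, <linux/seccomp.h>, <linux/audit.h> and <linux/filter.h>; only amd64 and arm64 (both little-endian) are covered by the arch check; and the filter is installed on a pinned thread of the current process purely so it can be probed in place, whereas a real sandbox installs it in the child before exec.

```go
// Added example (not the fence project's code): a seccomp-BPF filter that
// denies ioctl(TIOCSTI) with EPERM and allows everything else, built with
// only the standard library. Kernel constants below are from the uapi headers.
package main

import (
	"fmt"
	"runtime"
	"syscall"
	"unsafe"
)

const (
	prSetSeccomp          = 22         // PR_SET_SECCOMP
	prSetNoNewPrivs       = 38         // PR_SET_NO_NEW_PRIVS
	seccompModeFilter     = 2          // SECCOMP_MODE_FILTER
	seccompRetKillProcess = 0x80000000 // SECCOMP_RET_KILL_PROCESS
	seccompRetErrno       = 0x00050000 // SECCOMP_RET_ERRNO, low 16 bits = errno
	seccompRetAllow       = 0x7fff0000 // SECCOMP_RET_ALLOW
	auditArchX86_64       = 0xc000003e
	auditArchAARCH64      = 0xc00000b7

	bpfLdWAbs = 0x00 | 0x00 | 0x20 // BPF_LD | BPF_W | BPF_ABS
	bpfJeqK   = 0x05 | 0x10 | 0x00 // BPF_JMP | BPF_JEQ | BPF_K
	bpfRetK   = 0x06 | 0x00        // BPF_RET | BPF_K

	// Offsets into struct seccomp_data: nr u32, arch u32, ip u64, args[6] u64.
	offNr     = 0
	offArch   = 4
	offArg1Lo = 16 + 1*8 // low 32 bits of args[1] (the ioctl request) on little-endian targets
)

func stmt(code uint16, k uint32) syscall.SockFilter {
	return syscall.SockFilter{Code: code, K: k}
}

func jeq(k uint32, jt, jf uint8) syscall.SockFilter {
	return syscall.SockFilter{Code: bpfJeqK, Jt: jt, Jf: jf, K: k}
}

// nativeAuditArch returns the AUDIT_ARCH_* value the kernel reports for this build.
func nativeAuditArch() (uint32, error) {
	switch runtime.GOARCH {
	case "amd64":
		return auditArchX86_64, nil
	case "arm64":
		return auditArchAARCH64, nil
	}
	return 0, fmt.Errorf("no audit arch constant for %s", runtime.GOARCH)
}

// tiocstiFilter is the narrow rule: only ioctl with request == TIOCSTI is denied.
// Jump offsets are relative to the following instruction.
func tiocstiFilter(arch uint32) []syscall.SockFilter {
	return []syscall.SockFilter{
		stmt(bpfLdWAbs, offArch),                             // 0: A = arch
		jeq(arch, 0, 5),                                      // 1: foreign ABI -> 7 (kill)
		stmt(bpfLdWAbs, offNr),                               // 2: A = syscall number
		jeq(uint32(syscall.SYS_IOCTL), 0, 2),                 // 3: not ioctl -> 6 (allow)
		stmt(bpfLdWAbs, offArg1Lo),                           // 4: A = ioctl request
		jeq(uint32(syscall.TIOCSTI), 2, 0),                   // 5: TIOCSTI -> 8 (EPERM), else -> 6
		stmt(bpfRetK, seccompRetAllow),                       // 6
		stmt(bpfRetK, seccompRetKillProcess),                 // 7
		stmt(bpfRetK, seccompRetErrno|uint32(syscall.EPERM)), // 8
	}
}

// installFilter sets no_new_privs (required without CAP_SYS_ADMIN) and loads
// the program for the calling thread.
func installFilter(prog []syscall.SockFilter) error {
	fprog := syscall.SockFprog{Len: uint16(len(prog)), Filter: &prog[0]}
	if _, _, e := syscall.RawSyscall(syscall.SYS_PRCTL, prSetNoNewPrivs, 1, 0); e != 0 {
		return fmt.Errorf("PR_SET_NO_NEW_PRIVS: %w", e)
	}
	if _, _, e := syscall.RawSyscall6(syscall.SYS_PRCTL, prSetSeccomp, seccompModeFilter,
		uintptr(unsafe.Pointer(&fprog)), 0, 0, 0); e != 0 {
		return fmt.Errorf("PR_SET_SECCOMP: %w", e)
	}
	return nil
}

func ioctlErrno(fd int, req uintptr, arg unsafe.Pointer) syscall.Errno {
	_, _, e := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(fd), req, uintptr(arg))
	return e
}

// Result records what two ioctl requests returned on the filtered thread.
type Result struct {
	TIOCSTI    syscall.Errno // EPERM: denied by the filter before reaching the kernel
	TIOCGWINSZ syscall.Errno // ENOTTY: passed through; the kernel rejects it for a pipe
}

// Demo installs the filter on a dedicated OS thread and probes it on a pipe fd.
// Filters attach per thread; the goroutine stays locked to its thread and never
// unlocks, so the runtime discards the filtered thread when the goroutine ends.
func Demo() (Result, error) {
	type reply struct {
		r   Result
		err error
	}
	ch := make(chan reply, 1)
	go func() {
		runtime.LockOSThread()
		arch, err := nativeAuditArch()
		if err == nil {
			err = installFilter(tiocstiFilter(arch))
		}
		var p [2]int
		if err == nil {
			err = syscall.Pipe(p[:])
		}
		if err != nil {
			ch <- reply{err: err}
			return
		}
		defer syscall.Close(p[0])
		defer syscall.Close(p[1])
		var c byte = 'x'
		var ws [4]uint16 // struct winsize
		ch <- reply{r: Result{
			TIOCSTI:    ioctlErrno(p[0], syscall.TIOCSTI, unsafe.Pointer(&c)),
			TIOCGWINSZ: ioctlErrno(p[0], syscall.TIOCGWINSZ, unsafe.Pointer(&ws[0])),
		}}
	}()
	rep := <-ch
	return rep.r, rep.err
}

func main() {
	r, err := Demo()
	if err != nil {
		fmt.Println("could not install filter:", err)
		return
	}
	fmt.Printf("ioctl(TIOCSTI): %v\nioctl(TIOCGWINSZ): %v\n", r.TIOCSTI, r.TIOCGWINSZ)
}
```

The two probes together show that the rule is keyed on the request argument rather than on the ioctl syscall: TIOCSTI comes back EPERM from the filter, while TIOCGWINSZ reaches the kernel and is refused for the usual reason (the fd is a pipe, not a tty). The arch check is there because the same syscall number means different things under a foreign ABI; a production filter on x86-64 would additionally reject x32 syscall numbers.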


@cubic-dev-ai cubic-dev-ai bot left a comment


2 issues found across 14 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="cmd/fence/main.go">

<violation number="1" location="cmd/fence/main.go:222">
P1: Guard `cfg` before assigning `ForceNewSession`; `config.Load` can return nil for missing/empty files, which makes this new assignment panic.</violation>
</file>

<file name="internal/sandbox/linux.go">

<violation number="1" location="internal/sandbox/linux.go:428">
P2: TOCTOU race between `mkdir -p` and `chmod 700`: the directory is briefly world-readable. Replace with `install -d -m 0700 "$dir"` which sets permissions atomically at creation and returns a meaningful exit status on failure.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
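The runtime-dir fallback from the PR summary and the review's second point (the window between mkdir -p and chmod 700) can be handled together. Below is an added example, not the fence project's code, written in Go since that is the project's language: the inherited XDG_RUNTIME_DIR is kept only if it passes explicit usability checks (a real directory, not a symlink, owned by the calling uid, no group/other bits, writable), and otherwise a private fence-runtime-<uid>-<pid> directory is created with os.Mkdir(dir, 0o700), which sets the mode at creation so the directory never exists with looser permissions. The base directory, the function names and the exact check list are assumptions; the PR fixes the base to /tmp.

```go
// Added example (not the fence project's code): choose a runtime directory
// for a sandboxed session, preferring the inherited one only when it is
// actually usable and otherwise creating a private 0700 directory atomically.
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"syscall"
)

// Usable returns nil when dir is a directory (not a symlink), owned by uid,
// closed to group and others, and writable by this process. Linux only.
func Usable(dir string, uid int) error {
	if dir == "" {
		return errors.New("empty path")
	}
	st, err := os.Lstat(dir)
	if err != nil {
		return err
	}
	if st.Mode()&fs.ModeSymlink != 0 {
		return fmt.Errorf("%s is a symlink", dir)
	}
	if !st.IsDir() {
		return fmt.Errorf("%s is not a directory", dir)
	}
	if perm := st.Mode().Perm(); perm&0o077 != 0 {
		return fmt.Errorf("%s is accessible by group/others (%04o)", dir, perm)
	}
	sys, ok := st.Sys().(*syscall.Stat_t)
	if !ok || int(sys.Uid) != uid {
		return fmt.Errorf("%s is not owned by uid %d", dir, uid)
	}
	// Probe writability by actually creating a file: access(2) answers for the
	// real uid, which is not what matters once the sandbox has dropped or
	// changed credentials.
	f, err := os.CreateTemp(dir, ".fence-probe-*")
	if err != nil {
		return fmt.Errorf("%s is not writable: %w", dir, err)
	}
	name := f.Name()
	f.Close()
	return os.Remove(name)
}

// ResolveRuntimeDir returns the inherited directory when it is usable.
// Otherwise it creates base/fence-runtime-<uid>-<pid> with mode 0700 and
// returns it with fellBack set to true.
func ResolveRuntimeDir(inherited, base string, uid, pid int) (dir string, fellBack bool, err error) {
	if Usable(inherited, uid) == nil {
		return inherited, false, nil
	}
	dir = filepath.Join(base, fmt.Sprintf("fence-runtime-%d-%d", uid, pid))
	// os.Mkdir (not MkdirAll) fails with EEXIST if anything already sits at
	// that name, so a pre-planted directory or symlink is never adopted.
	// The mode is applied by mkdir itself; there is no chmod window.
	if err := os.Mkdir(dir, 0o700); err != nil {
		return "", false, err
	}
	// The umask can only clear bits from 0700, never add any; restore them
	// in the unlikely case it cleared owner bits.
	if err := os.Chmod(dir, 0o700); err != nil {
		return "", false, err
	}
	if err := Usable(dir, uid); err != nil {
		return "", false, err
	}
	return dir, true, nil
}

func main() {
	dir, fellBack, err := ResolveRuntimeDir(os.Getenv("XDG_RUNTIME_DIR"), "/tmp", os.Getuid(), os.Getpid())
	if err != nil {
		fmt.Println("no usable runtime dir:", err)
		return
	}
	fmt.Printf("runtime dir: %s (fallback: %v)\n", dir, fellBack)
}
```

Refusing an existing path instead of reusing it is the deliberate choice here: the fallback name is predictable from uid and pid, and /tmp is shared, so anything already present at that name is treated as an error rather than silently taken over. The same Usable check is applied to the freshly created directory so that the fallback and the inherited path are held to one standard.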


@cubic-dev-ai cubic-dev-ai bot left a comment


1 issue found across 1 file (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="internal/sandbox/integration_linux_test.go">

<violation number="1" location="internal/sandbox/integration_linux_test.go:788">
P3: The TMPDIR fallback assertion is too permissive: `strings.Contains(..., "TMP=/tmp")` can pass for incorrect TMPDIR values (for example `/tmp-custom`), weakening this regression test.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
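The review's point is that a substring check over the sandbox's output also matches values it should reject. As an added example, not the project's test code, here is a small helper that picks one KEY=VALUE line out of such output and compares the value exactly; the function names and the two constructed sample outputs are mine, and the sample is modelled on the `TMP=/tmp` line the review quotes.

```go
// Added example (not the project's test code): strict KEY=VALUE lookup for
// assertions over a sandboxed command's environment dump.
package main

import "strings"

// EnvValue returns the value of key from output made of KEY=VALUE lines. The
// key must match a whole line up to its first '='; the value is the remainder,
// so values that themselves contain '=' are returned intact.
func EnvValue(output, key string) (string, bool) {
	for _, line := range strings.Split(output, "\n") {
		k, v, ok := strings.Cut(strings.TrimRight(line, "\r"), "=")
		if ok && k == key {
			return v, true
		}
	}
	return "", false
}

// HasExactEnv is the strict form of the assertion: true only when key is
// present and its value equals want. A longer value that merely starts with
// want, or a longer key that merely ends with key, does not pass.
func HasExactEnv(output, key, want string) bool {
	v, ok := EnvValue(output, key)
	return ok && v == want
}

// Constructed sample outputs. strings.Contains(out, "TMP=/tmp") is true for
// both; HasExactEnv accepts only the first.
const (
	GoodOutput = "HOME=/home/user\nTMP=/tmp\nTMPDIR=/tmp\n"
	BadOutput  = "HOME=/home/user\nTMP=/tmp-custom\nXTMP=/tmp\n"
)
```

BadOutput fools the substring check twice over: `TMP=/tmp-custom` contains `TMP=/tmp`, and so does `XTMP=/tmp`. Anchoring the comparison at the line start and at the first `=` removes both false positives without any regular expression.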

jy-tan merged commit 0ba4319 into main Mar 23, 2026
5 checks passed
jy-tan deleted the linux-interactive-pty branch March 23, 2026 01:20


Development

Successfully merging this pull request may close these issues.

Linux interactive PTY on Bubblewrap: session policy + runtime-dir compatibility improvements
